
Duplicate JWTs

Open TheTechromancer opened this issue 1 year ago • 4 comments

Duplicate JWTs are a problem. When you enable the web spider on a JWT-enabled website, you are likely to get two JWT events from every URL (one from excavate and one from badsecrets). That means if you spider a single website that has 1000 URLs, you will get 2000 JWTs that are effectively all the same.

I think the best way to solve this is to have a dedicated JWT event that intelligently dedupes itself by its contents, disregarding any one-time information like nonces/timestamps. This will ensure that equivalent JWTs won't be duplicated across the scan.

TheTechromancer avatar Apr 25 '24 18:04 TheTechromancer
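One way to build the content-based dedupe key the proposal describes, as an added example and not bbot's own code: split the token into its three segments, decode header and payload, drop the claims that change on every issuance (assumed here to be iat, exp, nbf, jti and nonce), and ignore the signature, since it necessarily changes along with those volatile claims. The claim set and the sample tokens are constructed for the example.

```python
import base64
import hashlib
import json
# Claims that change on every issuance and carry no identity information.
# This set is an assumption for the example, not something bbot defines.
ONE_TIME_CLAIMS = {"iat", "exp", "nbf", "jti", "nonce"}

def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_dedupe_key(token: str) -> str:
    """Hash of header + non-volatile claims; the signature is ignored because it changes with them."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # also covers binascii.Error and JSONDecodeError
        raise ValueError(f"undecodable JWT segment: {exc}") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("header and payload must be JSON objects")
    stable = {k: v for k, v in payload.items() if k not in ONE_TIME_CLAIMS}
    canonical = json.dumps({"h": header, "p": stable}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def dedupe_jwts(tokens):
    """Keep the first token seen per dedupe key, in input order; skip strings that are not JWTs."""
    first_seen = {}
    for tok in tokens:
        try:
            first_seen.setdefault(jwt_dedupe_key(tok), tok)
        except ValueError:
            continue
    return list(first_seen.values())

def _token(payload: dict, sig: str) -> str:
    # Build a constructed sample token: unpadded base64url segments and a placeholder signature.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj, separators=(",", ":")).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(payload)}.{sig}"

# Constructed samples: two issuances for the same user (only iat/exp/jti/signature differ), one other user, one non-JWT.
SAMPLE_TOKENS = [
    _token({"sub": "alice", "iss": "app.example", "iat": 1714000000, "exp": 1714003600, "jti": "a1"}, "sig1"),
    _token({"sub": "alice", "iss": "app.example", "iat": 1714000900, "exp": 1714004500, "jti": "a2"}, "sig2"),
    _token({"sub": "bob", "iss": "app.example", "iat": 1714000000, "exp": 1714003600, "jti": "b1"}, "sig3"),
    "definitely-not-a-jwt",
]
```

Running `dedupe_jwts(SAMPLE_TOKENS)` collapses the two alice tokens into one and drops the non-JWT string, leaving two events instead of three.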

I like the idea, but I agree with the low priority tag as it would be a relatively big project for a small reward.

liquidsec avatar May 04 '24 14:05 liquidsec

Moving JWT parsing into the event validation seems pretty small compared to most of the other reworks that are happening. Unless I'm missing something.

TheTechromancer avatar May 04 '24 16:05 TheTechromancer